The company uses users' personal information within the scope notified in the "Purpose of Collecting and Using Personal Information" and does not use or disclose users' personal information to third parties without prior consent from the users. However, in the following cases, personal information may be used and provided with care.
OrcaAI Inc. (hereinafter referred to as "the Company") complies with the personal information protection regulations that information and communication service providers must adhere to, such as the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and endeavors to protect users' rights by establishing a privacy policy in accordance with the relevant laws.
Personal information refers to information about a living individual that can identify the service user (including information that can be easily combined with other information to identify a specific individual, even if it cannot identify the individual alone). The personal information collected by the company is used for the following purposes and is not used for any purpose other than the following:
Provision of AI Character Chat Service and Improvement of AI Character Chat Service Algorithm: aira, the AI character chat service of the company, allows users to freely chat with characters. It provides basic functions that analyze user inputs to generate appropriate responses and customized digital content for users, and uses conversation data and corresponding metadata related to conversations (such as conversation frequency and conversation targets) to improve chat quality. Personal information is also used for user identification within the service, linking with other services or accounts generated through these services, and providing other content and additional services necessary for this purpose.
Service Improvement: Personal information is used to identify user usage records, such as error occurrences and improper usage, or to improve the service environment through user surveys and interviews.
The company collects the following information to process conversations with users and provide basic messaging and various conversation content and services. The collected information is also used to identify improper usage and improve AI conversation algorithms.
The company collects personal information through the following methods:
The consignment processing institutions and the consignment tasks of the company's personal and pseudonymized information are as follows:
| Trustee | Consigned Task | Retention and Use Period |
|---|---|---|
| Amazon Web Services | Infrastructure management for service provision and analysis | Until the purpose of use is achieved or the consignment contract ends |
| Google Cloud Platform | Infrastructure management for service provision and analysis | Until the purpose of use is achieved or the consignment contract ends |
| OpenAI | Research and development for chat service provision and improvement | Until the purpose of use is achieved or the consignment contract ends |
| Trustee | Consigned Task | Retention and Use Period |
|---|---|---|
| Amazon Web Services | Infrastructure management for pseudonymized information processing | Until the purpose of use is achieved or the consignment contract ends |
| Google Cloud Platform | Infrastructure management for pseudonymized information processing | Until the purpose of use is achieved or the consignment contract ends |
| OpenAI | Research and development for service improvement | Until the purpose of use is achieved or the consignment contract ends |
| Anthropic | Research and development for service improvement | Until the purpose of use is achieved or the consignment contract ends |
The details regarding the overseas transfer of the company's personal and pseudonymized information are as follows:
| Trustee | Destination Country | Transfer Time and Method | Personal Information Items Transferred | Consigned Task | Retention and Use Period |
|---|---|---|---|---|---|
| Amazon Web Services Inc (aws-korea-privacy@amazon.com) | USA | Transmission via network at the time of service use | Personal information and logs collected during service use | Infrastructure management and research and development for service improvement | Until the purpose of use is achieved or the consignment contract ends |
| Google Cloud Platform (080-822-1422) | USA, Europe, Singapore | Transmission via network at the time of service use | Personal information and logs collected during service use | Infrastructure management and research and development for service improvement | Until the purpose of use is achieved or the consignment contract ends |
| OpenAI (support@openai.com) | USA | Transmission via network at the time of service use | Personal information and logs collected during service use | Infrastructure management and research and development for service improvement | Until the purpose of use is achieved or the consignment contract ends |
| Amazon Web Services Inc (aws-korea-privacy@amazon.com) | USA | Online transfer during AI chat service advancement | User and counterpart's age, gender, relationship, and related usage records | Infrastructure management and research and development for pseudonymized information processing and service improvement | Until the purpose of use is achieved or the consignment contract ends |
| Google Cloud Platform (080-822-1422) | USA, Europe, Singapore | Online transfer during AI chat service advancement | User and counterpart's age, gender, relationship, and related usage records | Infrastructure management and research and development for pseudonymized information processing and service improvement | Until the purpose of use is achieved or the consignment contract ends |
| OpenAI (support@openai.com) | USA | Online transfer during AI chat service advancement | User and counterpart's age, gender, relationship, and related usage records | Infrastructure management and research and development for pseudonymized information processing and service improvement | Until the purpose of use is achieved or the consignment contract ends |
| Anthropic (support@anthropic.com) | USA | Online transfer during AI chat service advancement | User and counterpart's age, gender, relationship, and related usage records | Infrastructure management and research and development for pseudonymized information processing and service improvement | Until the purpose of use is achieved or the consignment contract ends |
Users can refuse the overseas transfer of personal information through the company's personal information protection officer. If a user refuses the overseas transfer of personal information, the company will exclude the user's personal information from the overseas transfer. However, in this case, the use of some or all of the company's services that necessarily involve the overseas transfer of personal information may be restricted.
Users' personal and pseudonymized information is, in principle, destroyed without delay once the purpose of collection and use is achieved. However, the following information is retained for the specified period for the reasons below:
The company retains member information for a certain period as prescribed by related laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce. In this case, the company uses the retained information only for the purposes of storage, and the retention period is as follows:
Users' personal information is, in principle, destroyed without delay once the purpose of collection and use is achieved.
The company's procedure and method for destroying personal information are as follows:
Information entered by the user for membership registration, etc., is transferred to a separate DB (in the case of paper, a separate document box) after the purpose is achieved and stored for a certain period according to internal policies and other relevant laws (refer to retention and use period)
before being destroyed. The personal information transferred to a separate DB is not used for any other purpose unless required by law.
Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in electronic file format is deleted using technical methods that prevent the recovery of records.
The company takes the following technical and managerial measures to ensure the safety of users' personal information and prevent it from being lost, stolen, leaked, altered, or damaged:
The company does its best to prevent users' personal information from being leaked or damaged by hacking or computer viruses. The company regularly backs up data to prepare for damage to personal information, uses the latest antivirus programs to prevent users' personal information or data from being leaked or damaged, and securely transmits personal information over the network through encrypted communications. The company also uses intrusion prevention systems to control unauthorized access from outside and makes every effort to equip all possible technical devices to secure the system.
The company's personal information handling staff is limited to those in charge, and a separate password is given and regularly updated for this purpose. Through frequent training of the staff, the company emphasizes compliance with this privacy policy.
The company operates an internal dedicated privacy protection task force to check the implementation and compliance of this privacy policy by the person in charge, and if any problems are found, they are corrected and rectified immediately.
However, the company is not responsible for any issues arising from the leakage of personal information due to the user's negligence or incidents not caused by the company's intentional or gross negligence.
To safely manage pseudonymized information, the company establishes and implements internal management plans, separates and stores pseudonymized information and additional information, separates access rights, and takes necessary technical, managerial, and physical measures to ensure safety in accordance with personal information protection laws.
Users can view, modify, delete their personal information at any time, and can request the withdrawal of consent for collection and use or cancel membership. However, if consent is withdrawn or information is deleted, the use of some or all of the services may be restricted.
If you want to view, modify, delete personal information, withdraw consent, or cancel membership, you can contact the personal information protection officer by mail, phone, or email, and we will take action without delay.
The company processes personal information that has been requested for cancellation or deletion as specified in the "Retention and Use Period of Personal Information Collected by the Company" and ensures that it cannot be viewed or used for any other purpose.
The company collects anonymous behavior pattern data (such as app launches, closures, specific button clicks, etc.) through the app usage pattern analysis service Google Analytics provided by Google, Inc. (hereinafter referred to as 'Google') to provide personalized services and improve services. This is to analyze and evaluate how customers use the company's services, understand customer needs, improve services and products, and recommend and provide optimized content for customers.
The processing of information collected through Google Analytics is subject to Google's Privacy Policy and Google Analytics Terms of Service.
The company does not collect information that can identify individuals through Google Analytics and does not combine collected information with personally identifiable information obtained through other channels.
Users have the option to refuse the installation of cookies. Therefore, users can opt-out of automated cookie information collection using the methods below.
Users can report any privacy-related complaints that arise from using the company's services to the personal information management officer or the responsible department. The company will provide prompt and sufficient responses to users' reports.
For other reports or consultations on privacy violations, please contact the following organizations:
Any additions, deletions, or modifications to the current privacy policy will be notified through announcements on the webpage or application at least 7 days before the implementation date.
<Addendum> This privacy policy applies from August 7, 2024.
The company may provide this privacy policy translated into English, Chinese, Japanese, or other languages. However, in the event of any conflicts or differences in interpretation between different language versions, the Korean version of the privacy policy will prevail.
OrcaAI Inc.
222 Wangsimni-ro, Seongdong-gu, Seoul, Korea
Commax Startup Town Unicorn Room, 1st Floor (Sageun-dong, Hanyang University)